Korean
<< Back
VID 27095
Severity 30
Port 135
Protocol TCP
Class WMI
Detailed Description The "Allow Anonymous SID / Name Translation" policy is set to "Enable" on the remote Windows server. If this policy is set to ¡°Enable¡±, a user with local access can use the well-known Administrator SID to get the real name of the Administrator account and run a password guessing attack.

* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.

* Platforms Affected:
Microsoft Windows Any version
Recommendation - Start / Run / SECPOL.MSC / Local Policies / Security Options
- Set the ¡°Network Access: Allow Anonymous SID / Name Translation¡± policy to ¡°Disabled¡±
Related URL (CVE)
Related URL (SecurityFocus)
Related URL (ISS)